Security News > 2020 > January

Beyond these high-profile instances, various journalists and human rights activists have been targeted globally after a WhatsApp zero-day vulnerability was exploited by attackers who were able to inject spyware onto victims' phones. Vanunu, head of products vulnerability research at Check Point research, has seen his share of WhatsApp vulnerabilities - the researcher at Black Hat 2019 demoed several flaws in the messaging platform could be used to manipulate chats, for instance.

Unstructured documents - especially those that have been given wrong or no sensitivity classification - are among the most difficult assets for any enterprise to track and secure. In a separate report published January 29, 2020, Concentric provides the result of analyzing 26 million unstructured documents from companies in the technology, financial and healthcare sectors.

Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. "An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device," Cisco wrote.

New episode available now.

Not only that, search engines such as Google index public Trello boards, making it simple for anyone to uncover the boards' contents using a specialised type of search called a 'dork'. One of the worst Trello boards I came across, a HR onboarding Trello board, it's been reported and removed now.

Popular WordPress plugin Code Snippets recently received a patch for a high-severity vulnerability that can be exploited to take control of affected websites. The Code Snippets plugin, which has over 200,000 installations, provides admins with a graphical interface to run PHP code on their WordPress-powered websites by removing the need to add custom snippets to the theme's functions.

A former moderator for the now-defunct AlphaBay darknet marketplace site pleaded guilty this week to a federal racketeering charge and could face 20 years in federal prison, according to the U.S. Justice Department. As a moderator on the AlphaBay site, Herrell settled over 20,000 disputes between vendors and purchasers, according to court papers.

Understanding Data Breach Myth Vs. Reality.Watch this webinar OnDemand and learn three of the most common data breach myths.

Those third parties send Facebook information about your activities including things like opening an app on your mobile, logging into it online using your Facebook ID, or even just visiting a site. This piece of Facebook code is known more generically as a web bug, and it logs your activities on any site that embeds it, sending that information back to Facebook.

According to the confidential document, at least 42 U.N. servers were compromised in Geneva and Vienna, potentially exposing staff personnel data and sensitive documents for other organizations collaborating with the U.N. "Although it is unclear what documents and data the hackers obtained in the 2019 incident, the report implies that internal documents, databases, emails, commercial information and personal data may have been available to the intruders - sensitive data that could have far-reaching repercussions for staff, individuals and organisations communicating with and doing business with the U.N.," Ben Parker, with The New Humanitarian, said on Wednesday. Servers in three separate locations were compromised: the U.N. office at Vienna; the U.N. office at Geneva; and the U.N. Office of the High Commissioner for Human Rights headquarters, also in Geneva.